Setting up ISCSI on Solaris 10 with ZFS
In the iscsi – world the iicsi – Server is the TARGET and the client is the INITIATOR.
Initiator = marconi22, 192.168.1.22
Target = marconi-t, 192.168.1.100
0. create the zfs (raw) volume
# mkfile 200m /file1
# zpool create mypool1 /file1
Now create a (raw) emulated Volume:
# zfs create -V 100m mypool1/testvolume
1. Enable the iscsi – Target (=server)
# svcadm enable svc:/system/iscsitgt:default
# ps -ef|grep isc
root 3017 1 0 22:08:10 ? 0:00 /usr/sbin/iscsitgtd
Note: the default port number is 3260.
# zfs set shareiscsi=on mypool1/testvolume
Check:
# zfs get shareiscsi mypool1/testvolume
NOTE: only supported from a Global Zone
Check the iscsi – parameters:
# iscsitadm list target -v
Target: mypool1/testvolume iSCSI Name: iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c Alias: mypool1/testvolume
2. Setup the Initiator (=Client)
# svcadm enable svc:/network/iscsi_initiator:default
Note:
root 3073 1 0 22:18:46 ? 0:00 /lib/svc/method/iscsid
# iscsiadm modify initiator-node -A marconi22
(here the hostname is the client’s own hostname, do not use IP)
(if necessary change the order..)
# iscsiadm list initiator-node
# iscsiadm add discovery-address 192.168.1.100
This IS is the IP of the server.
Now check the target – connection:
First check to see whether the server is visible:
# iscsiadm list discovery-address -v 192.168.1.100
(If necessary remove the address:
# iscsiadm remove discovery-address 192.168.1.100)
Enable the discovery
# iscsiadm modify discovery -t enable
Check with:
# iscsiadm list discovery
Discovery: Static: disabled Send Targets: enabled iSNS: disabled
# iscsiadm list target
This should show some iscsi – device
This should show you the target’s zfs – iscsi Volume(s).
Recognize the new iscsi – devices..
# devfsadm -c iscsi
3. Using the iscsi – devices
# format..
AVAILABLE DISK SELECTIONS: 0. c1d0 /pci@0,0/pci-ide@7/ide@0/cmdk@0,0 1. c2d0 /pci@0,0/pci-ide@7/ide@1/cmdk@0,0 2. c3t010000E0815EA33B00002A0049469A6Ed0 /scsi_vhci/disk@g010000e0815ea33b00002a0049469a6e
# zpool create mypool-iscsi 3t010000E0815EA33B00002A0049469A6Ed0
4. Optional: configure iscsi with CHAP authentication on the target (=Server)
Here we configure UNI-directional CHAP authentication where the target will authtenticate the initiator.
On the target (=server):
First find out the iscsi – name of the initiator:
# iscsitadm list target -v
[…]
Initiator: iSCSI Name: iqn.1986-03.com.sun:01:fa1808f0ffff.494304ff Alias: marconi21
Note the iSCSI Name here, which we will use to create alias marconi22:
# iscsitadm create initiator -n iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c marconi22
And check:
# iscsitadm list initiator
Initiator: marconi22
iSCSI Name: iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c
CHAP Name: Not set
Now set the initiator – chap name “chapname” that will be used by the initiator “marconi22” to authenticate to the target:
# iscsitadm modify initiator -H chapname123 marconi22
And check:
# iscsitadm list initiator
Initiator: marconi22 iSCSI Name: iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c
CHAP Name: chapname123
And set the password used for CHAP by initiator marconi22:
# iscsitadm modify initiator -C marconi22
Enter secret: xxxxxxxxxxxx
Re-enter secret: xxxxxxxxxxxx
Note: the minimum password length is 12 characters..
5. Configure iscsi with CHAP authentication on the initiator (=client)
On the Initiator: (=client)
# iscsiadm modify initiator-node -H chapname123
And set the password for “chapname123”:
# iscsiadm modify initiator-node -C
Enter secret: xxxxxxxxxxxx
Re-enter secret: xxxxxxxxxxxx
And enable CHAP as the authentication method:
# iscsiadm modify initiator-node -a CHAP
Check:
# iscsiadm list initiator-node Initiator node name: iqn.1986-03.com.sun:01:fa1808f0ffff.49428646 Initiator node alias: marconi22 Login Parameters (Default/Configured): Header Digest: NONE/- Data Digest: NONE/-
Authentication Type: CHAP
CHAP Name: chapname123
RADIUS Server: NONE RADIUS access: unknown Configured Sessions: 1
Test: export your previously created zpool and import it again.
In order to prove that chap – authentication really works: set the password to an incorrect value on the initiator with # iscsiadm modify initiator-node -C
Then, restart the svc:/system/iscsitgt:default – service on the initiator, and try to import the pool again on the initiator. It should fail.
